The OVAL Repository 5.6 2010-03-11T04:32:18.901-05:00 VMWare ESX Server 4 Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMware ESX Server 4 The operating system installed on the system is VMware ESX Server 4.0. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3.5 VMWare ESX Server 4 Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 4 parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. Michael Wood DRAFT Michael Wood INTERIM ACCEPTED ACCEPTED VMware ESX Server 4 The operating system installed on the system is VMware ESX Server 4.0. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 4 The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. Michael Wood DRAFT Michael Wood INTERIM ACCEPTED ACCEPTED VMware ESX Server 4 The operating system installed on the system is VMware ESX Server 4.0. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 4 udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Michael Wood DRAFT Michael Wood INTERIM ACCEPTED ACCEPTED VMware ESX Server 4 The operating system installed on the system is VMware ESX Server 4.0. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4 The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4 The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4 The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3 The operating system installed on the system is VMWare ESX Server 3.0.3. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED VMware ESX Server 3.5 The operating system installed on the system is VMware ESX Server 3.5.0. Pai Peng DRAFT INTERIM ACCEPTED ACCEPTED VMWare ESX Server 3 The operating system installed on the system is VMWare ESX Server 3.0.2. Yuzheng Zhou DRAFT INTERIM ACCEPTED ACCEPTED VMware ESX Server 4 The operating system installed on the system is VMware ESX Server 4.0. Michael Wood DRAFT INTERIM ACCEPTED ACCEPTED